Check: GEN000452
SUSE Linux Enterprise Server v11 for System z STIG:
GEN000452
(in versions v1 r12 through v1 r9)
Title
The system must display the date and time of the last successful account login upon login. (Cat III impact)
Discussion
Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use.
Check Content
Check that pam_lastlog is used and not silent, or that the SSH daemon is configured to display last login information.

    # grep pam_lastlog /etc/pam.d/sshd

If pam_lastlog is present, and does not have the "silent" option, this is not a finding.

    # grep -i PrintLastLog /etc/ssh/sshd_config

If PrintLastLog is not enabled in the configuration either explicitly or by default, this is a finding.
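The two greps above leave the judgement to the reviewer (commented-out lines, the "silent" option, an absent PrintLastLog directive). The script below is an added example, not part of the STIG, that encodes that decision; the function names are hypothetical, and it assumes the OpenSSH default of PrintLastLog yes and does not evaluate Match blocks.

```shell
#!/bin/sh
# Added example: GEN000452 check logic. File paths are parameters so the
# functions can be exercised against constructed test files.

# True if an uncommented pam_lastlog.so line exists without the "silent" option.
pam_lastlog_shown() {
    awk '
        /^[ \t]*#/ { next }
        /pam_lastlog\.so/ {
            silent = 0
            for (i = 1; i <= NF; i++) if ($i == "silent") silent = 1
            if (!silent) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1" 2>/dev/null
}

# True if PrintLastLog is "yes" or unset. sshd uses the first value it reads
# for a keyword, and the OpenSSH default for PrintLastLog is yes (assumption
# stated in the lead-in). Match blocks are not evaluated here (simplification).
print_lastlog_enabled() {
    value=$(awk '
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "printlastlog" { print tolower(f[2]); exit }
    ' "$1" 2>/dev/null)
    [ -z "$value" ] || [ "$value" = "yes" ]
}

# Returns 0 (not a finding) or 1 (finding), following the Check Content order.
gen000452_check() {
    pam_file=${1:-/etc/pam.d/sshd}
    sshd_config=${2:-/etc/ssh/sshd_config}
    if pam_lastlog_shown "$pam_file"; then
        echo "Not a finding: pam_lastlog without 'silent' in $pam_file"
        return 0
    fi
    if print_lastlog_enabled "$sshd_config"; then
        echo "Not a finding: PrintLastLog enabled in $sshd_config"
        return 0
    fi
    echo "Finding: last login is not displayed (GEN000452)"
    return 1
}
```

Calling gen000452_check with no arguments evaluates /etc/pam.d/sshd and /etc/ssh/sshd_config, the two files named in the check.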
Fix Text
Implement pam_lastlog, or enable PrintLastLog in the SSH daemon. To enable pam_lastlog, add a line such as "session required pam_lastlog.so" to /etc/pam.d/sshd. To enable PrintLastLog in the SSH daemon, remove any lines disabling this option from /etc/ssh/sshd_config.
Additional Identifiers
Rule ID: SV-44833r1_rule
Vulnerability ID: V-22299
Group Title: GEN000452
CCIs
Number | Definition |
---|---|
CCI-000052 | The information system notifies the user, upon successful logon (access) to the system, of the date and time of the last logon (access). |
Controls
Number | Title |
---|---|
AC-9 | Previous Logon (Access) Notification |